Security Issue

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
4/26/2013 9:51:03 AM
Gravatar
Total Posts 30

Security Issue

I am having an issue with adding users when using LDAP authetication with Automatically Add LDAP users on first login turned on

Here is the scenario:

  1. Added a user
  2. Turned LDAP on
  3. Deleted user
  4. Try to logon as user which should be added automatically and get the error Login Failed
  5. Go to Add user manually through Administration/Add new user and get error The user name is already in use
  6. If I use a different ID and the same email address I also get an error The email address is already in use

It seems the record was not deleted

Before I go and try to manually delete records from the database I thought I would see if there is another solution...

4/26/2013 10:39:39 AM
Gravatar
Total Posts 30

Re: Security Issue

Update to this issue....

I looked in the database and the records I deleted still exist in dbo.mp_users with the user id/email address

I am assuming I can just delete that record

I just don't know what the relationships are in other tables if it is safe to just delete that record

 

 

 

4/26/2013 10:48:36 AM
Gravatar
Total Posts 18439

Re: Security Issue

You should be able to manually delete the user row.

Note that in Administration > Site Settings there is a checkbox for "Really Delete Users?"

If not checked then users are flagged as IsDeleted rather than actually deleted. If unchecked then deleting a user will really delete the row. However if a user row is really deleted then any forum posts or webstore orders or other data previously attached to the user will be orphaned but not deleted.

Hope that helps,

Joe

You must sign in to post in the forums. This thread is closed to new posts.